Tuesday, January 27, 2015



Complete DHS Report for January 27, 2015

Daily Report

Top Stories

 · Wells Fargo and JPMorgan Chase agreed January 22 to pay $35.7 million in penalties and consumer compensation to resolve allegations that loan officers with the 2 banks participated in a mortgage kickback scheme with a now-defunct company. – Associated Press See item 8 below in the Financial Services Sector

 · A severe winter storm in the Northeast region of the U.S. January 26 prompted the cancellation of 6,175 flights. – USA Today

9. January 26, USA Today – (National) Airlines cancel 6,175 flights ahead of monster storm. A severe winter storm in the Northeast region of the U.S. January 26 prompted the cancellation of 6,175 flights, over 220 of which were cancelled through January 28, across dozens of airports in the storm’s path. Source: http://www.usatoday.com/story/todayinthesky/2015/01/25/airlines-preemptively-cancel-450-flights-ahead-of-monday-storm/22320939/

 · A Lewisburg, West Virginia water treatment plant was shut down after more than 3,500 gallons of diesel fuel spilled into the Greenbrier River January 23, prompting a water outage impacting 12,000 county residents and businesses. – Charleston Daily Mail

18. January 25, Charleston Daily Mail – (West Virginia) 12,000 without water in Greenbrier County after diesel spill. The Lewisburg water treatment plant in West Virginia was shut down after a semi-truck rolled over and spilled more than 3,500 gallons of diesel fuel into a tributary of the Greenbrier River January 23, prompting a water outage January 25 which impacted 12,000 county residents and businesses. Crews began taking water samples and placing booms in Anthony Creek to contain the spill and officials closed several schools in the area due to the incident. Source: http://www.charlestondailymail.com/article/20150125/DM01/150129502

 · Huntsville police arrested an AT&T contractor January 23 for allegedly stealing tens of thousands of dollars in copper from substations within north Alabama, causing an estimated $1 million in damage. – Huntsville Times See item 26 below in the Communications Sector
  
Financial Services Sector

7. January 25, WAVE 3 Louisville – (Kentucky; Indiana) More than 150 fraudulent credit cards found during traffic stop. A Louisville driver and passenger were arrested and charged with one count of fraud January 22 after approximately 170 fraudulent credit cards were discovered in the suspect’s car during an unrelated traffic stop in Seymour by Indiana State Police. Source: http://www.wave3.com/story/27934977/more-than-150-fraudulent-credit-cards-found-during-traffic-stop

8. January 22, Associated Press – (Maryland; Virginia; New York) Wells Fargo, JPMorgan settle mortgage kickbacks probe. Wells Fargo and JPMorgan Chase agreed January 22 to pay a collective $35.7 million in penalties and consumer compensation to resolve allegations that loan officers with the 2 banks participated in a mortgage kickback scheme with a now-defunct company, Genuine Title, in exchange for cash and marketing services. More than 100 former Well Fargo loan officers in at least 18 branches located primarily in Maryland and Virginia, and at least 6 former JPMorgan Chase loan officers in 3 separate branches in Maryland, Virginia, and New York, were involved with the scheme. Source: http://abcnews.go.com/Business/wireStory/jpmorgan-wells-fargo-settle-mortgage-kickbacks-probe-28411620

For another story, see item 25 below in the Information Technology Sector

Information Technology Sector

23. January 24, Softpedia – (International) PHP 5.6.5 fixes flaw leading to remote code execution. The latest version of hypertext preprocessor (PHP) version 5.6.5 closes several security vulnerabilities including a flaw identified as CVE-2014-9427 that could be exploited by an attacker to execute code remotely on an affected machine if certain conditions are met. Source: http://news.softpedia.com/news/PHP-5-6-5-Fixes-Flaw-Leading-to-Remote-Code-Execution-471101.shtml

24. January 23, Softpedia – (International) Google Apps admin panel falls for XSS, issue researcher gets $5,000. Google awarded a Blizzard Entertainment researcher for discovering a cross-site scripting (XSS) vulnerability that relied on a JavaScript code to be executed in the Google Apps administration console, which would grant an attacker full control of the Google account. Source: http://news.softpedia.com/news/Google-Apps-Admin-Panel-Falls-for-XSS-Issue-Researcher-Gets-5-000-471056.shtml

25. January 22, Softpedia – (International) Mobile banking apps are risky business for Android users. A RiskIQ report found that more than 40,000 of about 350,000 mobile apps used for financial transactions should be considered suspicious with many of them containing malware and adware. Source: http://news.softpedia.com/news/Mobile-Banking-Are-Risky-Business-for-Android-Users-470918.shtml

Communications Sector

26. January 23, Huntsville Times – (Alabama) AT&T contractor accused of stealing more than $1 million in copper faces charges in Huntsville, Birmingham. Huntsville police arrested a worker January 23 from a contracting company that serviced AT&T in connection to allegedly using his position to steal tens of thousands of dollars in copper from substations within north Alabama, causing an estimated $1 million in damage. Source: http://www.al.com/news/index.ssf/2015/01/att_contractor_accused_of_stea.html